Appl.No. 10/613,636 

Amdt dated July 5, 2007 

Reply to Office action of March 5, 2007 

Please amend the claims as follows. This Listing of Claims will replace all prior versions, 
and Listings of Claims in the application: 

Listing of Claims : 

1 . (Currently amended) A computer system comprising: 
a processor; 

a memory storage unit; 

an operating system comprising a kernel, said kernel comprising a plurality of kernel 
modules, said kernel modules comprising signature information; and 

a kernel module signature verification system for verifying said kernel module 
signature information of each of said plurality of kernel modules as said plurality of kernel 
modules are loaded into said kernel, wherein said kernel module signature information is 
generated via a public key and a private key compilation in said kernel module said kernel 
module signature verification system includes, (a) a kernel cryptographic framework for 
verifying said kernel module signature information, and (b) a kernel cryptographic 
framework daemon for (0 performing verification lookup operations of signature information 
provided to said kernel cryptographic framework in said kernel, and (if) performing module 
verification of said plurality of kernel modules, 

wherein said kernel cryptographic framework retrieves pathname information of said 
signature information for each of said plurality of kernel modules when said plurality of 
kernel modules attempt to load up to said kernel to perform cryptographic operations. 

2. (Cancelled) 

3. (Previously presented) The computer system of claim 1, wherein said kernel module 
signature information comprises signature length data unique to each of said plurality of 
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kernel modules, said signature length data used by said kernel module signature verification 
system in uniquely identifying each of said plurality of kernel modules. 

4. (Original) The computer system of claim 3, wherein said kernel module signature 
information further comprises signature size data for further uniquely identifying each of said 
kernel module. 

5. - 8 . (Cancelled) 

9. (Currently amended) The computer system of claim 1 [[8]], wherein said kernel 
cryptographic framework comprises a cryptographic service provider registration unit for 
registering each of said plurality of kernel modules wishing to provide cryptographic services 
in said kernel. 

1 0. (Original) The computer system of claim 9, wherein said kernel cryptographic 
framework further comprises a intra-kernel communication unit for enabling communications 
between said kernel cryptographic framework and said kernel cryptographic framework 
daemon. 

1 1 . (Original) The computer system of claim 10, wherein said kernel cryptographic 
framework further comprises a data structure unit for storing said kernel module signature 
information. 

12. -24. (Cancelled) 

25. (Currently amended) In a computer system, a computer software implemented kernel 

module signature verification system, comprising: 
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kernel cryptographic framework for verifying signatures uniquely defining each of a 
plurality of kernel cryptographic modules; and 

kernel cryptographic framework daemon for performing module verification for each 
of said plurality of kernel cryptographic modules, wherein said kernel cryptographic 
framework daemon retrieves pathname information of said signature information for each of 
said plurality of kernel modules when said plurality of kernel modules attempt to load up to 
said kernel to perform cryptographic operations^ 

wherein said kernel cryptographic framework further comprises an intra-kerne! 
communication unit for enabling communications between said kernel cryptographic 
framework and said kernel cryptographic framework daemon . 

26. (Cancelled) 

27. (Previously presented) The kernel module signature verification system of claim 25, 
wherein said kernel cryptographic framework comprises a cryptographic service provider 
registration unit for registering each of said plurality of kernel modules wishing to provide 
cryptographic services in said kernel. 

28. (Cancelled) 

29. (Currently amended) The kernel module signature verification system of claim 27 
[[28]], wherein said kernel cryptographic framework further comprises a data structure unit 
for storing said kernel module signature information. 

30. (Original) The kernel module signature verification system of claim 29, wherein said 
kernel cryptographic framework and said kernel cryptographic framework daemon 
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communicate via a plurality of input/output control commands. 



31. -36 (Cancelled) 
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